Name

Synopsis

Description

File Ownership

-u, --user, --owner=user, -o owner=...

Makes all files owned by the specified user. Also causes chown on the mounted filesystem to always fail.

-g, --group=group, -o group=...

Makes all files owned by the specified group. Also causes chgrp on the mounted filesystem to always fail.

-p, --perms=permissions, -o perms=...

Takes a comma- or colon-separated list of chmod-like permission specifications to be applied to the permission bits in order. See PERMISSION SPECIFICATION below for details.

This only affects how the permission bits of existing files are altered when shown in the mounted directory. You can use --create-with-perms to change the permissions that newly created files get in the source directory.

Note that, as usual, the root user isn’t bound by the permissions set here. You can get a truly read-only mount by using -r.

-m, --mirror=user1:user2:..., -o mirror=...

Takes a comma- or colon-separated list of users who will see themselves as the owners of all files. Users who are not listed here will still be able to access the mount if the permissions otherwise allow them to.

You can also give a group name prefixed with an ’@’ to mirror all members of a group. This will not change which group the files are shown to have.

-M, --mirror-only=user1:user2:..., -o mirror-only=...

Like --mirror but disallows access for all other users (except root).

--map=user1/user2:@group1/@group2:..., -o map=...

Given a mapping user1/user2, all files owned by user1 are shown as owned by user2. When user2 creates files, they are chowned to user1 in the underlying directory. When files are chowned to user2, they are chowned to user1 in the underlying directory. Works similarly for groups.

A single user or group may appear no more than once on the left and once on the right of a slash in the list of mappings. Currently, the options --user, --group, --mirror, --create-for-*, --chown-* and --chgrp-* override the corresponding behavior of this option.

Requires mounting as root.

File Creation Policy

--create-as-user, -o create-as-user

Tries to change the owner and group of new files and directories to the uid and gid of the caller. This can work only if the mounter is root. It is also the default behavior (mimicing mount --bind) if the mounter is root.

--create-as-mounter, -o create-as-mounter

All new files and directories will be owned by the mounter. This is the default behavior for non-root mounters.

--create-for-user=user, -o create-for-user=...

Tries to change the owner of new files and directories to the user specified here. This can work only if the mounter is root. This option overrides the --create-as-user and --create-as-mounter options.

--create-for-group=group, -o create-for-group=...

Tries to change the owning group of new files and directories to the group specified here. This can work only if the mounter is root. This option overrides the --create-as-user and --create-as-mounter options.

--create-with-perms=permissions, -o create-with-perms=...

Works like --perms but is applied to the permission bits of new files get in the source directory. Normally the permissions of new files depend on the creating process’s preferences and umask. This option can be used to modify those permissions or override them completely. See PERMISSION SPECIFICATION below for details.

Chown/Chgrp Policy

--chown-normal, -o chown-normal

Tries to chown the underlying file. This is the default.

--chown-ignore, -o chown-ignore

Lets chown succeed (if the user has enough mirrored permissions) but actually does nothing. A combined chown/chgrp is effectively turned into a chgrp-only request.

--chown-deny, -o chown-deny

Makes chown always fail with a ’permission denied’ error. A combined chown/chgrp request will fail as well.

--chgrp-normal, -o chgrp-normal

Tries to chgrp the underlying file. This is the default.

--chgrp-ignore, -o chgrp-ignore

Lets chgrp succeed (if the user has enough mirrored permissions) but actually does nothing. A combined chown/chgrp is effectively turned into a chown-only request.

--chgrp-deny, -o chgrp-deny

Makes chgrp always fail with a ’permission denied’ error. A combined chown/chgrp request will fail as well.

Chmod Policy

--chmod-normal, -o chmod-normal

Tries to chmod the underlying file. This will succeed if the user has the appropriate mirrored permissions to chmod the mirrored file AND the mounter has enough permissions to chmod the real file. This is the default (in order to behave like mount --bind by default).

--chmod-ignore, -o chmod-ignore

Lets chmod succeed (if the user has enough mirrored permissions) but actually does nothing.

--chmod-deny, -o chmod-deny

Makes chmod always fail with a ’permission denied’ error.

--chmod-allow-x, -o chmod-allow-x

Allows setting and clearing the executable attribute on files (but not directories). When used with --chmod-ignore, chmods will only affect execute bits on files and changes to other bits are discarded. With --chmod-deny, all chmods that would change any bits except excecute bits on files will still fail with a ’permission denied’. This option does nothing with --chmod-normal.

Xattr Policy

--xattr-none, -o xattr-none

Disable extended attributes altogether. All operations will return ’Operation not supported’.

--xattr-ro, -o xattr-ro

Let extended attributes be read-only.

--xattr-rw, -o xattr-rw

Let extended attributes be read-write (the default). The read/write permissions are checked against the (possibly modified) file permissions inside the mount.

Miscellaneous Options

-h, --help

Displays a help message and exits.

-V, --version

Displays version information and exits.

-n, --no-allow-other, -o no-allow-other

Does not add -o allow_other to FUSE options. This causes the mount to be accessible only by the current user.

--realistic-permissions, -o realistic-permissions

Hides read/write/execute permissions for a mirrored file when the mounter doesn’t have read/write/execute access to the underlying file. Useless when mounting as root, since root will always have full access.

(Prior to version 1.10 this option was the default behavior. I felt it violated the principle of least surprise badly enough to warrant a small break in backwards-compatibility.)

--ctime-from-mtime, -o ctime-from-mtime

Recall that a unix file has three standard timestamps: atime (last access i.e. read time), mtime (last content modification time) ctime (last content or metadata (inode) change time)

With this option, the ctime of each file and directory is read from its mtime. In other words, only content modifications (as opposed to metadata changes) will be reflected in a mirrored file’s ctime. The underlying file’s ctime will still be updated normally.

--hide-hard-links, -o hide-hard-links

Shows the hard link count of all files as 1.

Fuse Options

-o options

Fuse options.

-r, -o ro

Make the mount strictly read-only. This even prevents root from writing to it. If this is all you need, then (since Linux 2.6.26) you can get a more efficent mount with mount --bind and then mount -o remount,ro.

-d, -o debug

Enable debug output (implies -f).

-f

Foreground operation.

-s

Disable multithreaded operation. bindfs should be thread-safe.

Permission Specification

This program extends the chmod symbolic representation with the following operands:

‘D’ (right hand side) Works like X but applies only to directories (not to executables).

‘d’ and ‘f’ (left hand side) Makes this directive only apply to directories (d) or files (f).
e.g. gd-w would remove the group write bit from all directories.

‘u’, ‘g’, ‘o’ (right hand side) Uses the user (u), group (g) or others (o) permission bits of
the original file.
e.g. g=u would copy the user’s permission bits to the group.
ug+o would add the others’ permissions to the owner and group.

Examples

o-rwx

Removes all permission bits from others.

g=rD

Allows group to read all files and enter all directories, but nothing else.

0644,a+X

Sets permission bits to 0644 and adds the execute bit for everyone to all directories and executables.

og-x:og+rD:u=rwX:g+rw

Removes execute bit for others and group, adds read and directory execute for others and group, sets user permissions to read, write and execute directory/executable, adds read and write for group.

Examples

bindfs -u www -g nogroup -p 0000,u=rD ~/mywebsite ~/public_html/mysite

Publishes a website in public_html so that only the ’www’ user can read the site.

bindfs -M foo,bar,1007,@mygroup -p 0600,u+X dir mnt

Gives access to ’foo’, ’bar’, the user with the UID 1007 as well as everyone in the group ’mygroup’. Sets the permission bits to 0600, thus giving the specified users read/write access, and adds the user execute bit for directories and executables.

bindfs -ono-allow-other,perms=a-w somedir somedir

Makes a directory read-only and accessable only by the current user.

bindfs#/home/bob/shared /var/www/shared/bob fuse perms=0000:u+rD 0 0

An example /etc/fstab entry. Note that the colon must be used to separate arguments to perms, because the comma is an option separator in /etc/fstab.

Notes

Setuid and setgid bits have no effect inside the mount. This is a necessary security feature of FUSE.

MacFuse caches file contents by default. This means that changes in source files are not always immediately visible under the mount point. -o nolocalcaches can be used to disable the cache.

Bugs

Please report to the issue tracker on the project home page at http://code.google.com/p/bindfs/

Author

See Also

Table of Contents

• Name
• Synopsis
• Description
• File Ownership
• File Creation Policy
• Chown/Chgrp Policy
• Chmod Policy
• Xattr Policy
• Miscellaneous Options
• Fuse Options
• Permission Specification
• Examples
• Notes
• Bugs
• Author
• See Also